Full Report
Oracle has linked an ongoing extortion campaign claimed by the Clop ransomware gang to E-Business Suite (EBS) vulnerabilities that were patched in July 2025. [...]
Analysis Summary
# Vulnerability: Oracle E-Business Suite Flaws Linked to Clop Extortion Campaign
## CVE Details
- CVE ID: CVE-2025-30745, CVE-2025-30746, CVE-2025-50107 (and others addressed in the July 2025 CPU)
- CVSS Score: N/A (Scores not provided in the text)
- CWE: N/A
## Affected Systems
- Products: Oracle E-Business Suite (EBS)
- Versions: Versions impacted by the July 2025 Critical Patch Update (CPU).
- Configurations: Vulnerabilities include flaws exploitable remotely without requiring user credentials.
## Vulnerability Description
Multiple security flaws impacting Oracle E-Business Suite (EBS) were addressed in the July 2025 Critical Patch Update (CPU). At least three of these flaws (CVE-2025-30745, CVE-2025-30746, and CVE-2025-50107) are noted as remotely exploitable without user authentication. Oracle is linking these vulnerabilities to an ongoing extortion campaign attributed to the Clop ransomware gang, which claims to have breached EBS systems and exfiltrated data.
## Exploitation
- Status: **Exploited in the wild** (Oracle confirms customers are receiving extortion emails allegedly based on the exploitation of these vulnerabilities.)
- Complexity: At least three of the related vulnerabilities allow **Remote** exploitation **without credentials**.
- Attack Vector: Network (Implied by remote, unauthenticated exploitability)
## Impact
- Confidentiality: High (Claimed data theft/exfiltration by attackers.)
- Integrity: Undetermined/Potential
- Availability: Undetermined/Potential
## Remediation
### Patches
- Customers should apply the fixes provided in the **July 2025 Critical Patch Update (CPU)** for Oracle E-Business Suite.
### Workarounds
- Oracle reaffirms its strong recommendation to apply the latest Critical Patch Updates. (No specific compensating controls or workarounds are detailed; applying the patches is the primary guidance.)
## Detection
- Detection methods are not specified in the article, but indicators include receipt of extortion demands from the Clop gang that reference stolen Oracle EBS data.
## References
- Vendor Advisory: hXXps://blogs.oracle.com/security/post/apply-july-2025-cpu
- Affected Flaws List: hXXps://www.oracle.com/security-alerts/cpujul2025.html#AppendixEBS